P2P - MP3 Exploit

Lately, I have noticed a large number of MP3 files which are the first, at least that I have heard of, which are capable of exploiting the web browser.

The MP3 will be about 3MB-6MB, imitating an actual music file.
It will show in WMP as a length of 0:01.
When you try to play it, it will state that the extension does not match the format. Windows Media Player will give you the option of continuing playback. Of course someone who wants to hear their favorite song will click Yes...

The MP3 is actually loaded with a link to a malicious website.

They're very easy to manipulate; all you have to do is use a hex editor, and there ya go, new variant.

I'm pretty sure you are talking about the URLANDEXIT trick. I've uploaded a sample http://www.offensivecomputing.net/?q=ocsearch&ocq=9ed177500edd1657c662da79adb816f7 that redirects to Google. As for hex editing, it may work with URLs of equal length, but I found that it doesn't respond well to shortening or lengthening of the URL; the Windows Media Editor included in the Windows Media SDK can be used to change it to whatever you want. Also, if you use the extension .asf, .wmv, or .wma, it won't give the extension error and will just play.
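
A content-based triage check for the files discussed in this thread, added here as an example and not part of either post: it identifies ASF containers by their header GUID instead of the file name, flags the URLANDEXIT marker, and lists embedded URLs for review. The function name `triage`, the assumption that the command type and URLs are stored as UTF-16LE strings, and both sample byte strings are this example's own.

```python
import re
import sys
from pathlib import Path

# First 16 bytes of every ASF container (.asf/.wma/.wmv): the ASF Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
ASF_EXTS = {".asf", ".wma", ".wmv"}
# Assumption: the command type is stored as a UTF-16LE string inside the file.
MARKER = "URLANDEXIT".encode("utf-16-le")
# http:// or https:// followed by printable ASCII, all encoded as UTF-16LE.
URL_RE = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+")


def triage(name: str, data: bytes) -> dict:
    """Classify one file by content rather than by its extension."""
    is_asf = data[:16] == ASF_HEADER_GUID
    ext = Path(name).suffix.lower()
    urls = [m.group().decode("utf-16-le") for m in URL_RE.finditer(data)] if is_asf else []
    return {
        "asf_container": is_asf,
        # An ASF file named .mp3 is what triggers the player's extension warning.
        "extension_mismatch": is_asf and ext not in ASF_EXTS,
        # Flag regardless of extension: .asf/.wma/.wmv names play without the warning.
        "urlandexit": is_asf and MARKER in data.upper(),
        "urls": urls,
    }


# Constructed sample bytes (not a playable file): ASF magic, padding, marker, URL.
SAMPLE_DISGUISED = (
    ASF_HEADER_GUID + b"\x00" * 32 + MARKER + b"\x00\x00"
    + "http://example.invalid/landing".encode("utf-16-le") + b"\x00\x00"
)
# Constructed sample: starts with an ID3v2 tag like an ordinary MP3.
SAMPLE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 64

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, triage(path, Path(path).read_bytes()))
```

The URL list is every UTF-16LE URL found in the container, not only script-command targets, so treat it as input for analyst review.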